Skip to content

Add optional Claude Code hook for blocking malicious packages#172

Open
David Larsen (dc-larsen) wants to merge 2 commits intomainfrom
add-socket-gate-hook
Open

Add optional Claude Code hook for blocking malicious packages#172
David Larsen (dc-larsen) wants to merge 2 commits intomainfrom
add-socket-gate-hook

Conversation

@dc-larsen
Copy link
Copy Markdown
Contributor

@dc-larsen David Larsen (dc-larsen) commented Apr 22, 2026

Summary

Adds a PreToolUse hook (hooks/socket-gate.ts) for Claude Code that intercepts package install commands and queries the public Socket MCP server before allowing installation.

  • Blocks packages with supply chain score below 20 (known malware, typosquats, high-risk signals)
  • Supports npm, PyPI, Cargo, RubyGems, Go, and NuGet ecosystems
  • No API key, no CLI, no registration — uses https://mcp.socket.dev/ directly
  • Fails open on network, parse, and timeout errors so a Socket outage never blocks legitimate work
  • Standalone Node.js script using --experimental-strip-types — no build step, no extra deps

Replaces #168 (which used the Socket CLI + API key). Design simplified after review feedback.

Files

File Description
hooks/socket-gate.ts The hook script
hooks/socket-gate.test.ts 23 tests (8 unit, 15 integration)
README.md Setup and usage docs under "Claude Code Hook (Optional)"

Supported commands

Ecosystem Commands
npm npm install, npm i, npm add, yarn add, pnpm add, bun add
PyPI pip install, pip3 install, uv add, uv pip install, poetry add, pipenv install
Cargo cargo add, cargo install
RubyGems gem install, bundle add
Go go get, go install
NuGet dotnet add package, nuget install

How it works

  1. Claude Code emits a PreToolUse JSON payload on stdin for every Bash call
  2. The hook extracts the package name from recognized install commands
  3. It POSTs an MCP initialize then a tools/call for the depscore tool against https://mcp.socket.dev/
  4. If supplyChain < 20, it returns deny with a reason that includes the score and a socket.dev review link
  5. Anything else (unrecognized command, non-install, network error, parse error) returns allow

Test results

ℹ tests 23
ℹ pass 23
ℹ fail 0

Inspired by Jimmy Vo's dependency hook.

@dc-larsen
Add optional Claude Code hook for blocking malicious packages
ad3f52d 
Adds a PreToolUse hook (hooks/socket-gate.ts) that intercepts package
install commands across npm, PyPI, Cargo, RubyGems, Go, and NuGet, and
queries the public Socket MCP server at https://mcp.socket.dev/ to
block packages with a supply chain score below 20 (known malware,
typosquats, high-risk supply chain signals).

- No API key, CLI, or registration required
- Fails open on network, parse, and timeout errors
- 23 tests (8 unit + 15 integration), all passing

Inspired by https://blog.jimmyvo.com/posts/claudes-dependency-hook/
@dc-larsen David Larsen (dc-larsen) mentioned this pull request Apr 22, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kapravel Alexandros Kapravelos (kapravel) Awaiting requested review from kapravel

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dc-larsen